node-modbus-serial

expose information and allow an attacker to get full control over the host machine

Open ponguruswamy opened this issue 3 years ago • 0 comments

The dangerous function, strncpy, was found in use at line 58 in the node_modules/@serialport/bindings/src/serialport_win.cpp file. Such functions may expose information and allow an attacker to get full control over the host machine.

void EIO_Open(uv_work_t* req) {
  ....
  65. strncpy(data->path + 20, data->path, 10);

ponguruswamy, Dec 16 '21 11:12
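To make the property behind this kind of scanner finding concrete, here is an added example (not code from the issue or from the serialport project) that replays the quoted `strncpy(path + 20, path, 10)` call on a poisoned buffer and sets a length-checked copy beside it. The 64-byte buffer, the function names and the sample port names are assumptions made for the sketch; it shows what `strncpy` does with a short and a long source, not whether a long name can reach the real function.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64  /* assumed size for this sketch, not taken from the issue */
#define OFFSET   20  /* offset in the flagged call */
#define WINDOW   10  /* byte count in the flagged call */

/* Replays the flagged call on a poisoned buffer. Returns 1 if a NUL lands
   inside the copied window, 0 if strncpy filled all of it without one. */
int copy_is_terminated(const char *name) {
    char path[PATH_BUF];
    memset(path, 'X', sizeof path);           /* make a missing NUL visible */
    snprintf(path, OFFSET, "%s", name);       /* name at the start of the buffer */
    strncpy(path + OFFSET, path, WINDOW);
    return memchr(path + OFFSET, '\0', WINDOW) != NULL;
}

/* Checked variant: 0 on success, -1 if the name does not fit the window. */
int copy_checked(char *path, size_t size, size_t offset, size_t window) {
    const char *end;
    size_t len;
    if (offset > size || window == 0 || window > size - offset)
        return -1;                            /* window must lie inside the buffer */
    end = memchr(path, '\0', offset);         /* source must end before the window */
    if (end == NULL)
        return -1;
    len = (size_t)(end - path);
    if (len >= window)
        return -1;                            /* no room for the terminator */
    memcpy(path + offset, path, len);
    path[offset + len] = '\0';                /* terminate explicitly */
    return 0;
}

int main(void) {
    char ok[PATH_BUF] = "COM3";               /* constructed sample names */
    char too_long[PATH_BUF] = "COM1234567";
    printf("strncpy, 4-char name terminated:  %d\n", copy_is_terminated("COM3"));
    printf("strncpy, 10-char name terminated: %d\n", copy_is_terminated("COM1234567"));
    printf("checked, 4-char name:  %d\n", copy_checked(ok, sizeof ok, OFFSET, WINDOW));
    printf("checked, 10-char name: %d\n", copy_checked(too_long, sizeof too_long, OFFSET, WINDOW));
    return 0;
}
```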